From 9075404dc4c8882beaa1786a2598eabfeeb42821 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Wed, 15 Feb 2023 15:03:47 +0100
Subject: [PATCH] kubelet: use idmapped mounts for all volumes
Signed-off-by: Giuseppe Scrivano
---
 pkg/kubelet/kuberuntime/kuberuntime_container_linux.go | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go b/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
index 3cb9c968fb1..4c753b466f3 100644
--- a/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
+++ b/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
@@ -54,6 +54,15 @@ func (m *kubeGenericRuntimeManager) applyPlatformSpecificContainerConfig(config
 return err
 }
 config.Linux = cl
+
+ if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.UserNamespacesStatelessPodsSupport) {
+ if cl.SecurityContext.NamespaceOptions.UsernsOptions != nil {
+ for _, mount := range config.Mounts {
+ mount.UidMappings = cl.SecurityContext.NamespaceOptions.UsernsOptions.Uids
+ mount.GidMappings = cl.SecurityContext.NamespaceOptions.UsernsOptions.Gids
+ }
+ }
+ }
 return nil
 }
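Review bot: The added block reads `cl.SecurityContext.NamespaceOptions.UsernsOptions` without first checking that `SecurityContext` and `NamespaceOptions` are non-nil, so a container config lacking either would panic the kubelet at this point; whether the earlier call that produces `cl` always fills both in is not visible in this hunk. The protobuf-generated getters are nil-safe and make the guard one line: `if userns := cl.GetSecurityContext().GetNamespaceOptions().GetUsernsOptions(); userns != nil {`, followed by `mount.UidMappings = userns.Uids` and `mount.GidMappings = userns.Gids`. Separately, the loop stamps the pod's ID mappings onto every entry in `config.Mounts` with no filter on volume type, which presumably includes host-backed mounts. Because an idmapped mount changes which on-disk owner the container's IDs act as, the block should carry a comment stating why this is intended for every mount, or skip mounts that must keep host ownership semantics. The body of applyPlatformSpecificContainerConfig begins outside the hunk.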